Showing posts with label Windows Backdoor. Show all posts
Showing posts with label Windows Backdoor. Show all posts

Thursday 4 April 2013

Resetting a Local Administrator Account Password in Windows 2008 R2

Had trouble using the NT Password utility or any other recover tool to reset a local administrator account for Windows 2008 R2?   Well here's a simple way to do that which uses the Vista Backdoor trick.  You should get yourself a copy of Hiren's Boot CD to do this.  One thing to note is that if you are doing this on a virtual machine the VMware Paravirtual SCSI device will not show any disks when you boot off this tool.  The other thing to note is that the "Offline NT/XP/2000/Vista/ Windows 7 Password Changer" is a use at your own risk tool, I've also not had it work on fully patched Windows 2008 R2 machines:

  • Burn the ISO to CD (if no iLO/RMC or the machine is not virtual)
  • Boot off the Hiren's Boot CD
  • Select MiniXP Environment

  • Once the environment has booted, fire up Explorer

  • Browse to the Drive (if you have multiple, check each one) with the Windows installation on it

  • Browse to <Drive>\Windows\System32\

  • Rename "Magnify.exe" to "Magnify.exe.old"

  • Copy "CMD.exe" and paste it in the same directory (you should end up with a file called 'CMD_2.exe' at the very bottom of the explorer list of files) rename the copy to "Magnify.exe"

  • Reboot the Server (with Hiren's now unmounted)
  • At the login screen, down the bottom left click the "Ease of Access" icon (circled in the image)

  • Select "Make items on the screen larger (Magnifier)" then click OK
  • You'll now have a Command Prompt running (if you type whoami, you'll see it is running as NT System)

  • Type "net user" and hit enter (you'll see a list of local users)
  • Type "net user <username> <password>" and the user of your choice's password is now changed!!!!  Note * change the password to a password that would match the local/domain security policy of your machine

  • You can also use standard net commands to add a user to the local administrators group, create a new user, etc! Close down the Magnify (well command prompt window) for the tidy up.

  • Once done, delete the "Magnify.exe' and replace it by renaming "Magnify.exe.old" back to "Magnify.exe"  Remember to take ownership of Magnify.exe.old first to Administrators and give full access before you do this!

  • The last thing to do is to make sure that Magnify doesn't launch every time you log in to the server.  Go to "Ease of Access" from control panel

  • Click "Optimize Visual Display"

  • Uncheck "Turn on Magnifier"
  • Click "Apply" then "OK"

There you have it, a simple and "SAFE" way of changing a local administrators password on a Windows Server 2008 R2 machine